home

cdn.rapidofiles.com

WHOISGUARD, INC.  (Proxy Registrant)

Domain Information

The domain cdn.rapidofiles.com is registered by proxy through ENOM, INC. and was originally registered in February of 2016. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in San Francisco, California within the United States which resides on the Fastly network.
Registrar:
ENOM, INC.

Server location:
California, United States (US)

Create date:
Tuesday, February 2, 2016

Expires date:
Thursday, February 2, 2017

Updated date:
Tuesday, February 2, 2016

ASN:
AS54113 FASTLY - Fastly,US

Root domain:
rapidofiles.com

Whois:
1 rapidofiles.com record

Scanner detections:
Detections  (91% detected)

Scan engine
Details
Detections

ESET NOD32
Win32/Adware.CloudGuard.B application, multiple threats, Win32/Sality.NBA virus
63.64%

Reason Heuristics
Threat.Win.Reputation.IMP, Adware.DNSUnlocker (M), PUP.BundledOffer.Installer.Installer.Meta (M)
54.55%

avast!
Win32:Dropper-OHA [PUP], Win32:Kukacka, Win32:Adware-gen [Adw]
27.27%

Emsisoft Anti-Malware
Gen:Trojan.Heur.TP.miZ@bKoUibj, Gen:Variant.Razy.14737, Win32.Sality
27.27%

MicroWorld eScan
Gen:Trojan.Heur.TP.miZ@bKoUibj, Gen:Variant.Razy.14737
18.18%

VIPRE Antivirus
Trojan.Win32.Generic
18.18%

Bitdefender
Gen:Trojan.Heur.TP.miZ@bKoUibj, Gen:Variant.Razy.14737
18.18%

Kaspersky
Trojan-Dropper.Win32.Agent, Virus.Win32.Sality
18.18%

Lavasoft Ad-Aware
Gen:Trojan.Heur.TP.miZ@bKoUibj, Gen:Variant.Razy.14737
18.18%

F-Secure
Gen:Trojan.Heur.TP.miZ@bKoUibj, Gen:Variant.Razy.14737
18.18%

Dr.Web
Trojan.Crossrider1.18052, Win32.Sector.30
18.18%

Avira AntiVirus
TR/Dropper.Gen, ADWARE/CloudGuard.210944
18.18%

G Data
Gen:Trojan.Heur.TP.miZ@bKoUibj, Gen:Variant.Razy.14737
18.18%

Fortinet FortiGate
W32/Agent.PEOK!tr, Riskware/CloudGuard
18.18%

Baidu Antivirus
Trojan.Win32.Dropper, Adware.MSIL.CloudGuard
18.18%

The domain cdn.rapidofiles.com has been seen to resolve to the following 3 IP addresses.

23.235.46.249
March 2, 2016

199.27.76.249
February 27, 2016

23.235.39.249
February 27, 2016

File downloads found at URLs served by cdn.rapidofiles.com.

1 / 68      (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (3cb79aef2ce14cf8a2ad6e5562ea5f9f)

22 / 68    (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (09dc0eabc6909136805dc843a8224946)

10 / 68    (Infected)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (645c6b44e38f0229d41312fb2bd26683)

2 / 68      (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (007e9bd5bfa3586ff6652384d1494411)

3 / 68      (Malware)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (d090e5379c787fbd3efc335b9f82b5a5)

1 / 68      (inconclusive)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (fe2a8d0a712b1bb3dcfa095f0a1b305e)

1 / 68      (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (cfad0b2c74c36bd7af32575569d5e48b)

1 / 68      (Malware)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (b1c04a8882d12b4e80e426d72cfeb71b)

21 / 68    (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (0c4a55c7e8c3d58051a4f0f1335e21ad)

2 / 68      (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (b039f55cdd99d42514459252a9c1051c)

2 / 68      (PUP)
http://cdn.rapidofiles.com/download/85/60001/.../setup.exe  (1fd60727d56c3c757d812f23538b9d9a)

The following 6 files have been seen to comunicate with cdn.rapidofiles.com in live environments.

TCP » 199.27.76.249:443
product support.crx

TCP » 23.235.39.249:443
discountapp_1.0.0.0.crx

TCP » 23.235.39.249:443
savingsplugin_1.0.crx

TCP » 23.235.46.249:443
product support.crx

TCP » 23.235.46.249:443
product support.crx

TCP » 23.235.46.249:443
couponmatcher_1.0.0.0.crx

URL:
http://cdn.rapidofiles.com/

Web server:
nginx/1.7.2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.